Dealing With Insider Data Theft

Uploaded on 2016-10-19 in TECHNOLOGY--Resilience, NEWS-Cybersecurity News, FREE TO VIEW

To learn that your company's confidential data was stolen, not by any hacker, but by an employee, is a nightmare scenario that no one wants to face.

But it's also a risk that's very real. The recent arrest of a former NSA contractor suspected of stealing classified government files is just the latest high-profile example, and security experts say all companies need to be on guard against potential insider threats.

How serious is the threat?

It's not every day that thieving employees take to the digital black market to sell their company's sensitive information, but it does happen, and incidents have been occurring more frequently, said Andrei Barysevich, a director at security firm Flashpoint.

Flashpoint specializes in investigating marketplaces on the Dark Web for possible sales involving private company data. In one such case, it identified an employee of a major software company attempting to sell valuable source code for about $15,000.

Flashpoint has also detected other incidents of insiders trying to sell information from financial companies, healthcare providers and law firms, all of which hold valuable data such as bank account numbers, patient information and upcoming merger and acquisition deals.

In many of those cases, it appears the insider had access to sensitive data that no one at their companies bothered to monitor, Barysevich said. That's a serious problem, and he advises companies to segregate all valuable data away from employees who don't have a reason to use it. He also says they should create a culture where employees are aware of the insider threat.

Not all are malicious

Data protection company Bitglass has also been studying the insider threat. In a report published last month, it found that one-third of organizations surveyed had experienced an insider attack within the past year in which data was leaked.

However, malicious insiders weren't the only ones to blame. Careless employees caused some of the leaks. "Inadvertent leakage is also a big problem," said Salim Hafid, product manager for Bitglass. 

Cloud-based applications and bring-your-own-device policies have only made it easier to accidentally share or publish confidential data, he said. As a result, more corporate data is getting out of company networks and into personal smartphones and file-sharing systems.  

"A huge number of organizations that have cloud applications deployed have no means to identify these careless activities and no way to mitigate the threat," Hafid said. Companies like Bitglass sell services to fill those gaps.

Security vs. Privacy

To solve the problem, security firms are also coming up with products that can monitor access to a company's most sensitive files. The European company Balabit has created Blindspotter, which is designed to detect any unusual employee activity on corporate systems.

It does this by looking at where the employee is accessing the data, what applications are being opened and even mouse movement and keyboard strokes, said Balabit CTO Balázs Scheidler. The Blindspotter software can then score what activity looks suspicious and even react by terminating an employee's corporate connection.

"We get a very intimate insight into what you are doing," Scheilder said. "Traditional tools aren't capable of looking at this traffic."

That insight may not be to everyone's liking. With real-time monitoring can come concerns about violating employee privacy.

"It's important for the companies to be transparent and communicate to those who are being monitored why this is happening," Scheilder said. The monitoring doesn't have to involve all employees. It can focus on those with high-level access, such as system administrators, who could be the target of hackers or insider threats trying to steal their login credentials.  

"The kind of damage that can happen if your account is stolen ... can be communicated very clearly," he said.

Maintaining the right approach

Companies that do suspect an insider threat should contact the professionals, said Eric O'Neill, national security strategist for security firm Carbon Black.

"You shouldn't do it alone," he said. "You don't want to corrupt the investigation. These things can get touchy."

That can be especially true when malicious employees are trying to cover their tracks. Evidence needs to be found and preserved to help determine the full extent of what may have been stolen, O'Neill said.

It's also important not to go too far in catching insider threats. "Certain procedures can make employees feel like they are working in a police state," he said.

However, O'Neill encourages companies to take insider threats seriously. "Many companies and government agencies still have a blind spot with this problem," he said. "It's one of the most difficult issues facing security."

Computerworld

 

« Stolen NSA Hacking Tools For Sale In Bizarre Auction
Pentagon Creates New 5,000 Strong Cyber Force »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

JYVSECTEC - JAMK University of Applied Sciences

JYVSECTEC - JAMK University of Applied Sciences

JYVSECTEC is a cyber security research and development and training centre

CERT Syria

CERT Syria

CERT Syria is the national Computer Emergency Response Team for Syria.

Cybernetica

Cybernetica

Cybernetica is an ICT company with activities in e-government, marine comms, data analysis and research in information security technologies.

Averon

Averon

Averon's technology is the new gold standard for digital identity - the easiest, fastest and most secure verification solution for users on both WiFi and LTE.

Trustlook

Trustlook

Trustlook's SECUREai engine delivers the performance and scalability needed to provide total threat protection against malware and other forms of attack.

exceet Secure Solutions

exceet Secure Solutions

exceet Secure Solutions is your experienced specialist for Internet of Things (IoT), Heath Telematics, electronic signatures and timestamps and IT security.

ITsMine

ITsMine

ITsMine’s Beyond DLP solution is a leading Data Loss Prevention solution used by organizations to protect against internal and external threats automatically.

International Cybersecurity Forum (FIC)

International Cybersecurity Forum (FIC)

The International Cybersecurity Forum (FIC) has established itself as the benchmark event in Europe in terms of digital security and trust.

Enzen

Enzen

Enzen is a global knowledge practice that provides consulting, technology, engineering, operating and innovation services to the energy and utility sectors.

Software Improvement Group (SIG)

Software Improvement Group (SIG)

Software Improvement Group helps business and technology leaders drive their organizational objectives by fundamentally improving the health and security of their software applications.

Primus Institute of Technology

Primus Institute of Technology

At Primus Institute of Technology our mission is to inspire, support, and empower current and aspiring IT professionals through training and career development workshops.

Avint

Avint

Avint delivers transformational cybersecurity solutions that help both commercial and government entities achieve mission success.

Questex Asia Total Security Conference

Questex Asia Total Security Conference

Questex Asia’s Total Security Conferences is one of the industry’s most prestigious and engaging forums for the region's top information security leaders and business decision-makers.

Xeol

Xeol

Software free of vulnerabilities, built and distributed by trusted entities. Our mission is to help customers secure their software from code to deploy.

iTRUSTXForce

iTRUSTXForce

iTRUSTXForce is a global provider of DigitalX (cybersecurity, privacy, and digital trust) services. We offer comprehensive services that focus on delivering outcomes for our clients.

Phone Monitoring Service

Phone Monitoring Service

Phone Monitoring Service provides cyber security services, ethical hacking services, social media hacking services in the USA, Canada, Europe.